Malware remains one of the most important security problems on the Internet today. Whenever an anti-malware solution becomes popular, malware authors typically react promptly and modify their programs to evade the defense mechanism. For example, malware authors have recently started to create malicious code that evades dynamic analysis. One recent form of evasion against dynamic analysis systems is stalling code. Stalling code is typically executed before any malicious behavior. The attacker's aim is to delay the execution of the malicious activity long enough that an automated dynamic analysis system fails to extract the interesting malicious behavior. This paper presents the first approach to detect and mitigate malicious stalling code, and to ensure forward progress within the amount of time allocated for the analysis of a sample. Experimental results show that our system, called HASTEN, works well in practice, and that it is able to detect additional malicious behavior in real-world malware samples.